blob: c2c8769ce465b197618a84a23b8e6ec303dc2af0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
{% extends "common/news.j2" %}
{% block body_content %}
<h1>2021-3: "Why a Digital Euro should be Online-first and Bearer-based
" published</h1>
<p>
We are happy to announce the publication of our paper on "Why a Digital Euro should be Online-first and Bearer-based".
</p>
<p>
The European Central Bank’s “Report on a Digital Euro” considers
two distinct types of designs for a digital euro. It argues that all functional
requirements laid out in the report can be fulfilled by operating the two systems
in parallel:
<ul>
<li>A bearer-based digital euro based on trusted hardware that can be used
offline, anonymously, and without third-party intervention.
<li>An account-based digital euro that can be used online, is fully software-
based and excludes the possibility of anonymity.
</ul>
The report does not discuss other choices of hybrid systems. However, the
choice is more arbitrary than it might seem at first sight: bearer-based systems
are not necessarily offline payment systems, and online payment systems do not
need to exclude anonymity.
</p>
<p>
We argue that operating a bearer-based payment system to complement an
account-based CBDC in order to gain offline and privacy features is not a good
trade-off. Adding permanent, regular offline capabilities via the bearer-based
payment instrument constantly exposes the CBDC to the severe issues inherent
in offline-capable payment systems. Instead, the offline mode of operation
should be restricted to scenarios where it is actually required, which mitigates
the risks.
</p>
<h4>Download links</h4>
<ul>
<li><a href="/papers/euro-bearer-online-2021.pdf">PDF (English)</a></li>
</ul>
<h4>Related exploits published after our article</h4>
<ul>
<li><a href="https://kb.cert.org/vuls/id/782720">TCG TPM 2.0 (2023)</a></li>
<li><a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html">Intel SGX (2023)</a></li>
<li><a href="https://developer.arm.com/documentation/ka005159/1-0">AMD Trust Zone (2022)</a></li>
<li><a href="https://ieeexplore.ieee.org/document/9933270">ATECC608B (2022)</a></li>
<li><a href="https://arxiv.org/abs/2304.14717">AMD Platform Security Processor (2023)</a></li>
<li><a href="https://downfall.page/">Intel SGX (2023)</a></li>
</ul>
{% endblock body_content %}
|
